FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  506800
Date:      2019-07-17
Time:      14:54:53Z
Committer: lwhsu

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description

4729c849-4897-11e6-b704-000c292e4fd8  samba -- client side SMB2/3 required signing can be downgraded

Samba team reports:

A man in the middle attack can disable client signing over SMB2/3, even if enforced by configuration parameters.


Discovery 2016-07-07
Entry 2016-07-13
samba4
ge 4.0.0 le 4.0.26

samba41
ge 4.1.0 le 4.1.23

samba42
ge 4.2.0 lt 4.2.14

samba43
ge 4.3.0 lt 4.3.11

samba44
ge 4.4.0 lt 4.4.5

CVE-2016-2119
https://www.samba.org/samba/security/CVE-2016-2119.html

996c219c-bbb1-11e4-88ae-d050992ecde8  samba -- Unexpected code execution in smbd

Samba development team reports:

All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon.

A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.


Discovery 2015-02-23
Entry 2015-02-23
samba4
ge 4.0.0 lt 4.0.25

samba41
ge 4.1.0 lt 4.1.17

samba36
ge 3.6.0 lt 3.6.25

CVE-2015-0240
https://www.samba.org/samba/security/CVE-2015-0240

a636fc26-00d9-11e6-b704-000c292e4fd8  samba -- multiple vulnerabilities

Samba team reports:

[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks.

[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags, especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.

[CVE-2016-2111] When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel's endpoints, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic.

[CVE-2016-2112] A man in the middle is able to downgrade LDAP connections to no integrity protection.

[CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://).

[CVE-2016-2114] Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured.

[CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is the default for most the file server related protocols) is inherited from the underlying SMB connection.

[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic between a client and a server in order to impersonate the client and get the same privileges as the authenticated user account. This is most problematic against active directory domain controllers.


Discovery 2016-04-12
Entry 2016-04-12
Modified 2016-04-12
samba36
ge 3.6.0 le 3.6.25_3

samba4
ge 4.0.0 le 4.0.26

samba41
ge 4.1.0 le 4.1.23

samba42
ge 4.2.0 lt 4.2.11

samba43
ge 4.3.0 lt 4.3.8

samba44
ge 4.4.0 lt 4.4.2

CVE-2015-5370
https://www.samba.org/samba/security/CVE-2015-5370.html
CVE-2016-2110
https://www.samba.org/samba/security/CVE-2016-2110.html
CVE-2016-2111
https://www.samba.org/samba/security/CVE-2016-2111.html
CVE-2016-2112
https://www.samba.org/samba/security/CVE-2016-2112.html
CVE-2016-2113
https://www.samba.org/samba/security/CVE-2016-2113.html
CVE-2016-2114
https://www.samba.org/samba/security/CVE-2016-2114.html
CVE-2016-2115
https://www.samba.org/samba/security/CVE-2016-2115.html
CVE-2016-2118
https://www.samba.org/samba/security/CVE-2016-2118.html

d4f45676-9d33-11e4-8275-000c292e4fd8  samba -- Elevation of privilege to Active Directory Domain Controller

Samba team reports:

In Samba's AD DC we neglected to ensure that attempted modifications of the userAccountControl attribute did not allow the UF_SERVER_TRUST_ACCOUNT bit to be set.


Discovery 2015-01-15
Entry 2015-01-16
samba4
ge 4.0.0 lt 4.0.23

samba41
ge 4.1.0 lt 4.1.15

CVE-2014-8143
https://www.samba.org/samba/security/CVE-2014-8143

89ff45e3-1a57-11e4-bebd-000c2980a9f3  samba -- remote code execution

Samba developers report:

A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon. It may be possible to use this to generate a remote code execution vulnerability as the superuser (root).


Discovery 2014-07-31
Entry 2014-08-02
samba4
ge 4.0.0 lt 4.0.21

samba41
ge 4.1.0 lt 4.1.11

CVE-2014-3560
http://www.samba.org/samba/security/CVE-2014-3560

2826317b-10ec-11e7-944e-000c292e4fd8  samba -- symlink race allows access outside share definition

Samba team reports:

A time-of-check, time-of-use race condition can allow clients to access non-exported parts of the file system via symlinks.


Discovery 2017-03-23
Entry 2017-03-24
samba36
ge 3.6.0 le 3.6.25_4

samba4
ge 4.0.0 le 4.0.26

samba41
ge 4.1.0 le 4.1.23

samba42
ge 4.2.0 le 4.2.14

samba43
ge 4.3.0 le 4.3.13

samba44
ge 4.4.0 lt 4.4.12

samba45
ge 4.5.0 lt 4.5.7

samba46
ge 4.6.0 lt 4.6.1

https://www.samba.org/samba/security/CVE-2017-2619.html
CVE-2017-2619

ef434839-a6a4-11e5-8275-000c292e4fd8  samba -- multiple vulnerabilities

Samba team reports:

[CVE-2015-3223] Malicious request can cause Samba LDAP server to hang, spinning using CPU.

[CVE-2015-5330] Malicious request can cause Samba LDAP server to return uninitialized memory that should not be part of the reply.

[CVE-2015-5296] Requesting encryption should also request signing when setting up the connection to protect against man-in-the-middle attacks.

[CVE-2015-5299] A missing access control check in the VFS shadow_copy2 module could allow unauthorized users to access snapshots.

[CVE-2015-7540] Malicious request can cause Samba LDAP server to return crash.

[CVE-2015-8467] Samba can expose Windows DCs to MS15-096 Denial of service via the creation of multiple machine accounts (The Microsoft issue is CVE-2015-2535).

[CVE-2015-5252] Insufficient symlink verification could allow data access outside share path.


Discovery 2015-12-16
Entry 2015-12-19
Modified 2016-02-05
samba36
ge 3.6.0 lt 3.6.25_2

samba4
ge 4.0.0 le 4.0.26

samba41
ge 4.1.0 lt 4.1.22

samba42
ge 4.2.0 lt 4.2.7

samba43
ge 4.3.0 lt 4.3.3

ldb
ge 1.0.0 lt 1.1.24

CVE-2015-3223
https://www.samba.org/samba/security/CVE-2015-3223.html
CVE-2015-5252
https://www.samba.org/samba/security/CVE-2015-5252.html
CVE-2015-5296
https://www.samba.org/samba/security/CVE-2015-5296.html
CVE-2015-5299
https://www.samba.org/samba/security/CVE-2015-5299.html
CVE-2015-5330
https://www.samba.org/samba/security/CVE-2015-5330.html
CVE-2015-7540
https://www.samba.org/samba/security/CVE-2015-7540.html
CVE-2015-8467
https://www.samba.org/samba/security/CVE-2015-8467.html

e4bc323f-cc73-11e6-b704-000c292e4fd8  samba -- multiple vulnerabilities

Samba team reports:

[CVE-2016-2123] Authenticated users can supply malicious dnsRecord attributes on DNS objects and trigger a controlled memory corruption.

[CVE-2016-2125] Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or trusted domain/realm, is given a valid general purpose Kerberos "Ticket Granting Ticket" (TGT), which can be used to fully impersonate the authenticated user or service.

[CVE-2016-2126] A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.


Discovery 2016-12-19
Entry 2016-12-26
Modified 2016-12-26
samba36
ge 3.6.0 le 3.6.25_4

samba4
ge 4.0.0 le 4.0.26

samba41
ge 4.1.0 le 4.1.23

samba42
ge 4.2.0 le 4.2.14

samba43
ge 4.3.0 lt 4.3.13

samba44
ge 4.4.0 lt 4.4.8

samba45
ge 4.5.0 lt 4.5.3

CVE-2016-2123
https://www.samba.org/samba/security/CVE-2016-2123.html
CVE-2016-2125
https://www.samba.org/samba/security/CVE-2016-2125.html
CVE-2016-2126
https://www.samba.org/samba/security/CVE-2016-2126.html